Learn what the new PCAOB Audit Alert Standard #11 is all about. What are the new internal control testing standards for public companies. How does it impact your testing of critical excel files when you close the books.
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
PCAOB Audit Alert #11: New Internal Control Testing Standards & Excel
1. Compliance Made Simple
PCAOB Audit
Alert #11 & Excel Tango
Updating your internal controls to the new standards
Sept. 24, 2014
Presented by:
Sonia Luna &
Rohn Martino
2. Agenda
• Part II Reports Exposed
– Lessons Learned
– How Excel Impacts
failed areas
• PCAOB –Alert#11
– Common Audit Failures
– Level Of Precision
– Old Vs. New
– Key Report Testing
• Resources
– COSO Implementation
LinkedIN Group
– CCA & Excel
Diagnostic
• Questions
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
2
3. Polling Question 1
Have you started to update your
controls using the new PCAOB Audit
Alert #11 Standards?
Where am I? %age
A Running to Finish Line 75%
B Getting There 50%
C Formulating a Plan 25%
D Not Started 0%
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
3
4. New PCAOB Auditing BAR!
• Caused audit procedure
layering
• More in-depth written
description of estimates and
use of judgment, especially
review controls
• Detailed documentation and
testing of system reports utilized
in performance of controls.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
4
5. External Audit Firm: Closing The Books
(Findings)
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
5
7. Level of precision in Plain English?
• How detailed is management’s review of
journal entries?
• Document your thought process
– Dollar Threshold
– Percentage of Revenue
– Geographic Location
– Lines of Business
– Other Risk Factors
– Timing
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
7
8. Good isn’t good enough
good v. NEW PCAOB control Language
Older Language (“OK”)
Quarterly, Controller reviews the AR
allowance for adequacy and
reasonableness of reserve amounts by
initialing and dating the “AR reserve”
analysis.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
8
9. Good isn’t good enough
good v. NEW PCAOB control Language
Older Language
(“OK”)
Quarterly, Controller
reviews the AR
allowance for
adequacy and
reasonableness of
reserve amounts by
initialing and dating
the “AR reserve”
analysis.
Audit Controller initials &
Match Total $ = DONE!
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
9
10. NEW PCAOB control Language
“new standards for control language”
Older Language
(“OK”)
Quarterly,
Controller reviews
the AR allowance
for adequacy
and
reasonableness of
reserve amounts
by initialing and
dating the “AR
reserve” analysis.
Updated Control (“Better”)
Quarterly, Controller reviews AR
balances of significant customers with
o/s balances greater than $10K and
5% of AR balance and those under
that threshold by customer type (e.g.
geographical location, types of orders,
etc.), to review the AR allowance for
accuracy and completeness.
Adjustments, if needed, are sent via
email to the AR manager, final review
of the AR reserve analysis is initialed
and dated by the Controller which
agrees to the final g/l balance for the
period.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
10
11. Documentation in Excel
• Notate use of a threshold for review
– What is sufficient?
• What other considerations are key?
• How to document Management’s review?
• Every reviewer is different
– Depth of review Manager vs. Controller
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
11
12. Excel Risk Assessments
Key Steps:
Step 1: Inventory your spreadsheets
Step 2: In-scope worksheets, rate them (see below)
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
12
14. Testing Sample – lead sheet
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
14
15. Automate Internal Controls for Excel
CIMCON Software
provides a complete
set of tools to automate
your internal controls:
• XLRisk for Discovery,
Risk Assessment and
Link Mapping
• XLAudit for
remediation of High
Risk Files
• SOX-XL for Change
Management,
reviews and
approvals
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
15
16. Automated Spreadsheet Inventory
• Scan network
locations,
SharePoint,
workstations
• Create
Inventory by
Department
• File Details
Scanned
– # of
Formulas
– # of Links
– # of
Macros
– Invisible
Cells
– Keywords
– Hidden
Rows
– Over 30
more
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
16
17. Spreadsheet Risk Assessment
Identify the High, Medium and Low Risk spreadsheets
in each department based on their Complexity,
Materiality, and Criticality.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
17
18. Spreadsheet Risk Assessment
For each High Risk
spreadsheet,
analyze its Risk
Scorecard and the
factors that make
it high risk.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
18
19. Data Lineage
• All Links
Captured to
Illustrate How
Data Flows
Within a Model
• Link Status is
Checked and
Displayed.
Broken Links
are highlighted.
• All File Types
Shown
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
19
20. Formula and Cell Analysis
• Highlight Issues Directly Within the Spreadsheet
• Analyze Formulas for Errors, Best Practice, Logical
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
20
Issues.
– Formulas With Constants
– Inconsistent Formulas
– Invisible Cells
– Numbers Formatted as Text
– Over 50 Analyses
21. Reporting and Documentation
• Workbook Analysis Report
Generate reports that
documents all the attributes of
the spreadsheet.
• Heat Map Report
Highlights possible issues or errors
within the spreadsheet that may
require remediation.
– Broken Links
– Invisible Cells
– Formulas with Constants
– Formulas with Absolute Cell
References
– Cells with Errors
– Numbers stored as text
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
21
22. Change Control
• Track all significant changes to the spreadsheet including
changes to calculations, links, macros and queries.
• Set up email alerts, .exceptions or reporting on critical changes
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
22
23. Version Control
• Create snapshots of
spreadsheets at key
points in time (e.g.
after Financial Close).
• Compare any 2
snapshots (e.g.
compare today’s
version with last
month’s approved
version) to speed up
reviews and
approvals.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
23
24. Management Review
Implement a structured, secure and
fully documented review process,
with management dashboards that
speed reviews and financial close.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
24
25. Benefits
For Excel Owners and Approvers: Implements a structured
process to manage Excel to reduce errors, identify high
risk files, and speed approvals at the time of financial
close, using automated tools for file compare, audit trails
and reports. Automated system for logic inspection,
detection and removal of errors, and spreadsheet
documentation eases compliance with policies and
procedures.
For Auditors: Reduces cost from tedious and time-consuming
audits of manual processes.
For Management: Reduce risk from spreadsheet errors
that can cause huge losses, loss of reputation and stock
price, using Management Information dashboards where
risky activity is immediately highlighted.
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
25
26. Conclusion
The CIMCON Suite of tools implements a Spreadsheet
Management Process that is:
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
26
Traceable
Repeatable
Accountable
Auditable
Consistent
27. COSO Implementation Group
Join Our LinkedIn Group
COSO Framework Discussion & Webinars
Technical Community sharing Ideas ,Templates,
WEBINARS, Advise and Learn from others implementing
new framework.
JOIN Today!
http://www.linkedin.com/groups/2013-COSO-Implementation-
4888186/about
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
27
28. Control Compliance Analysis (“CCA”)
Email us for 5 SPOTS ONLY:
Info@avivaspectrum.com
Subject: CCA
CCA
Report
In-take Benchmark
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
28
29. Free Excel Toolkit ($400 Value)
• Visual logic inspection
• Highlight errors in seconds
• Documentation and Map Links
• Over 50 Different Analyses
First 5 people to email us will
win a free copy of XLAudit
(limit 1 license per company):
Info@avivaspectrum.com
Subject: XLAUDIT
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
29
30. Send Questions
Sonia Luna- President, CEO
Aviva Spectrum
www.linkedin.com/in/sonialuna
www.slideshare.net/soxppt
www.avivaspectrum.com/podcast
s
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
30
31. Connect with Rohn
Compliance Made Simple ™ PCAOB Alert #11: Excel Tango
31
Rohn Martino
Sr. Manager, Sales and Marketing
CIMCON Software
rmartino@cimcon.com
www.linkedin.com/in/rohnmartino
www.sarbox-solutions.com
(978) 692-9868 Ext. 222
Notas del editor
Sonia (lead): the source of why Audit Practice Alert #11 came to be, was a Dec. 2012 report that the PCAOB issued. This report represented a conclusion of internal control audit failures by the top 8 audit firms. The report disclosed some serious concerns about how and when auditors actually tested internal controls and the depth of how they were being tested. Thus, this audit alert #11 came out by the PCAOB to rectify the situation and finally put in black and white what the PCAOB expects from your external auditors when they audit internal controls.
Sonia (LEAD): This is a Part II repot on a big 4 audit firm. This was a failure on how the auditors tested the controls over journal entries. We know that there have been some audit failures that lead to restatement. What does that mean? Everyone failed – company’s & auditor’s processes failed (company didn’t document or assess well and underline isn’t correct). Increase the points of failure. We’re going to discuss in-depth what this “level of precision” really means to Public companies and even their internal audit folks!
Sonia (LEAD) Here’s the same firm, however this audit of internal control failure came from period-end close controls. I’m calling your attention to the “limited to observing signatures” sentence. Remember the good old days of just looking at those signatures or for those of you that really lucked out by just auditing initials and dates! This one is for you! This is saying that the signature is no longer just enough. There’s more that we need to document.
Sonia (LEAD): So now what does this new term “level of Precision” mean to a Public company versus their external auditors. In short, the PCAOB wants to see BOTH Mgmt and external auditors to have considered what a thorough review requires given your specific environment factors and you’ve documented it. Here’s your cheat sheet if you will of what they are really looking for!
Sonia (LEAD)
Sonia (LEAD)
Rohn (LEAD)
Rohn (LEAD)
Rohn (LEAD)
Rohn (LEAD):
Rohn (LEAD)
Rohn (LEAD)
Rohn (LEAD):
Rohn (LEAD)
Rohn (LEAD):
Rohn (LEAD):
Rohn (LEAD):
Rohn (LEAD)
Sonia (LEAD): For those of you who haven’t joined COSO Implementation group in LinkedIn, please do so today, as both the template and other offerings such as technical videos will NOT be shared with you unless you are a COSO Implementation member. Here is a hyper link and please join today again to get those announcements when the templates are up and running on our website.
Sonia (LEAD): well I know most of you have gotten a lot of value out of this webinar. It was both technical but offered a potential set of solutions for you to consider, which of course some of those solutions you can complete 100% on your own. For those very select few, I’m willing to offer to ONLY 5 of you on this LIVE version of this webinar which is now our Aviva Spectrum Control Compliance analysis with me personally. Let me tell what a CCA as we’ve affectionately called it here truly means to your organization. We first provide you in our intake process which is approximately 45 minutes, an in-depth review of where you are currently at with your SOX 404 process, especially when dealing with the new PCAOB Audit Alert #11. Then we benchmark your status using the latest industry studies and guidance materials available in the Governance, Risk and Control arena! After about 2 weeks of three experts reviewing your data from the intake process, you’ll receive an in-depth custom report on where you are at in your SOX 404 and PCAOB Audit Alert #11 updates on controls. We’ve even done the leg work for you by tying out your core findings to the BEST “Gold Standard” industry materials. Not to mention we’ve highlighted for you what is a High priority versus those moderate or low priority items to address.